IP配置 接口 串口
AR1
[AR1]int g 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 1.1.1.1 24
[AR1-GigabitEthernet0/0/1]int s 4/0/0
[AR1-Serial4/0/0]ip address 15.0.0.1 24
AR2
[AR2]int g 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 2.2.2.1 24
[AR2-GigabitEthernet0/0/1]int s 4/0/1
[AR2-Serial4/0/1]ip address 25.0.0.1 24
AR3
[AR3]int g 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 3.3.3.1 24
[AR3-GigabitEthernet0/0/1]int s 4/0/0
[AR3-Serial4/0/0]ip address 35.0.0.1 24
AR4
[AR4]int g 0/0/0
[AR4-GigabitEthernet0/0/0]ip address 45.0.0.1 24
[AR4-GigabitEthernet0/0/0]int g 0/0/1
[AR4-GigabitEthernet0/0/1]ip address 4.4.4.1 24
AR5
[AR5]int g 0/0/0
[AR5-GigabitEthernet0/0/0]ip address 45.0.0.2 24
[AR5-GigabitEthernet0/0/0]int s 4/0/0
[AR5-Serial4/0/0]ip address 15.0.0.2 24
[AR5-Serial4/0/0]int s 4/0/1
[AR5-Serial4/0/1]ip address 25.0.0.2 24
[AR5-Serial4/0/1]int s 3/0/0
[AR5-Serial3/0/0]ip address 35.0.0.2 24
[AR5-Serial3/0/0]int l 0
[AR5-LoopBack0]ip address 5.5.5.1 24
配置缺省(全部指向AR5)
AR1
[AR1]ip route-static 0.0.0.0 0 15.0.0.2
AR2
[AR2]ip route-static 0.0.0.0 0 25.0.0.2
AR3
[AR3]ip route-static 0.0.0.0 0 35.0.0.2
AR4
[AR4]ip route-static 0.0.0.0 0 45.0.0.2
测试一下
AR1和AR5之间使用PPP认证,AR5为主认证方
AR5 创建用户修改接口认证
[AR5]aaa
[AR5-aaa]local-user wuhu password cipher 123
[AR5-aaa]local-user wuhu service-type ppp
[AR5-aaa]int s 4/0/0
[AR5-Serial4/0/0]ppp authentication-mode pap
AR1 修改接口认证
[AR1]int Serial 4/0/0
[AR1-Serial4/0/0]ppp authentication-mode pap
AR2和AR5之间使用chap认证 AR5为主认证方
AR5
[AR5]int s 4/0/1
[AR5-Serial4/0/1]ppp authentication-mode chap
AR2
[AR2]int s 4/0/1
[AR2-Serial4/0/1]ppp authentication-mode chap
AR5与AR3之间使用HDLC封装
AR5
[AR5-Serial4/0/1]int s 3/0/0
[AR5-Serial3/0/0]link-protocol hdlc
AR3
[AR3]int s 4/0/0
[AR3-Serial4/0/0]link-protocol hdlc
AR1/AR2/AR3 构建一个MGRE环境 AR1为中心
AR1
[AR1]int Tunnel 0/0/0
[AR1-Tunnel0/0/0]ip address 192.168.5.1 24
[AR1-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR1-Tunnel0/0/0]source 15.0.0.1
[AR1-Tunnel0/0/0]nhrp network-id 100
[AR1-Tunnel0/0/0]nhrp entry multicast dynamic
AR2
[AR2]int t 0/0/0
[AR2-Tunnel0/0/0]ip address 192.168.5.2 24
[AR2-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR2-Tunnel0/0/0]source Serial 4/0/1
[AR2-Tunnel0/0/0]nhrp network-id 100
[AR2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
AR3
[AR3]int t 0/0/0
[AR3-Tunnel0/0/0]ip address 192.168.5.3 24
[AR3-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR3-Tunnel0/0/0]nhrp network-id 100
[AR3-Tunnel0/0/0]source Serial 4/0/0
[AR3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
AR1 AR4 间为点到点的GRE
AR1
[AR1]int t 0/0/1
[AR1-Tunnel0/0/1]ip address 192.168.6.1 24
[AR1-Tunnel0/0/1]source 15.0.0.1
[AR1-Tunnel0/0/1]destination 45.0.0.1
AR4
[AR4]int t 0/0/1
[AR4-Tunnel0/0/1]ip address 192.168.6.2 24
[AR4-Tunnel0/0/1]tunnel-protocol gre
[AR4-Tunnel0/0/1]source 45.0.0.1
[AR4-Tunnel0/0/1]destination 15.0.0.1
基于RIP 全网可达
AR1
[AR1]rip 1
[AR1-rip-1]version 2
[AR1-rip-1]network 1.0.0.0
[AR1-rip-1]network 192.168.5.0
[AR1-rip-1]network 192.168.6.0
[AR1-rip-1]int t 0/0/0
[AR1-Tunnel0/0/0]undo rip split-horizon
AR2
[AR2]rip 1
[AR2-rip-1]version 2
[AR2-rip-1]network 2.0.0.0
[AR2-rip-1]network 192.168.5.0
AR3
[AR3]rip 1
[AR3-rip-1]v 2
[AR3-rip-1]network 3.0.0.0
[AR3-rip-1]network 192.168.5.0
AR4
[AR4]rip 1
[AR4-rip-1]v 2
[AR4-rip-1]network 192.168.6.0
[AR4-rip-1]network 4.0.0.0
所有pc设置私有IP为源IP,可以访问AR5环回
AR1
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 1.0.0.0 0.255.255.255
[AR1-acl-basic-2000]int s 4/0/0
[AR1-Serial4/0/0]nat outbound 2000
AR2
[AR2]acl 2000
[AR2-acl-basic-2000]rule permit source 2.0.0.0 0.255.255.255
[AR2-acl-basic-2000]int s 4/0/1
[AR2-Serial4/0/1]nat outbound 2000
AR3
[AR3]acl 2000
[AR3-acl-basic-2000]rule permit source 3.0.0.0 0.255.255.255
[AR3-acl-basic-2000]int s 4/0/0
[AR3-Serial4/0/0]nat outbound 2000
AR4
[AR4]acl 2000
[AR4-acl-basic-2000]rule permit source 4.0.0.0 0.255.255.255
[AR4-acl-basic-2000]int g 0/0/0
[AR4-GigabitEthernet0/0/0]nat outbound 2000
测试,能通
完成